And I hadn't explained myself because a side-idea got stuck in my head in the writing, and went first, and obscured the bit that I thought was more important all along.  Grrr.

What I'd really meant by standards, at least when I was writing it, would be something less like ASCII and more like an objective way of measuring how secure a piece of software is.  I don't think there's really any way right now to formally state or measure something like that, and this seems like a problem.  Maybe it's utterly impossible, but it seems like it would be useful to have a proper security rating, that is properly testable, and legal restrictions based along it.  For example, anything that accesses the internet must get an 8/10 on the formal security scale, or something.